Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932889AbdDQGDD (ORCPT ); Mon, 17 Apr 2017 02:03:03 -0400 Received: from mail-pf0-f173.google.com ([209.85.192.173]:34041 "EHLO mail-pf0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932827AbdDQGCz (ORCPT ); Mon, 17 Apr 2017 02:02:55 -0400 From: Viresh Kumar To: Javi Merino , Zhang Rui , Eduardo Valentin , Amit Daniel Kachhap , Viresh Kumar Cc: linaro-kernel@lists.linaro.org, Rafael Wysocki , linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org, Vincent Guittot , "4 . 2+" Subject: [PATCH V2 01/17] thermal: cpu_cooling: Avoid accessing potentially freed structures Date: Mon, 17 Apr 2017 11:31:46 +0530 Message-Id: X-Mailer: git-send-email 2.12.0.432.g71c3a4f4ba37 In-Reply-To: References: In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1132 Lines: 30 After the lock is dropped, it is possible that the cpufreq_dev gets freed before we call get_level() and that can cause kernel to crash. Drop the lock after we are done using the structure. Cc: 4.2+ # 4.2+ Fixes: 02373d7c69b4 ("thermal: cpu_cooling: fix lockdep problems in cpu_cooling") Signed-off-by: Viresh Kumar --- drivers/thermal/cpu_cooling.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/thermal/cpu_cooling.c b/drivers/thermal/cpu_cooling.c index 69d0f430b2d1..be29489dd247 100644 --- a/drivers/thermal/cpu_cooling.c +++ b/drivers/thermal/cpu_cooling.c @@ -153,8 +153,10 @@ unsigned long cpufreq_cooling_get_level(unsigned int cpu, unsigned int freq) mutex_lock(&cooling_list_lock); list_for_each_entry(cpufreq_dev, &cpufreq_dev_list, node) { if (cpumask_test_cpu(cpu, &cpufreq_dev->allowed_cpus)) { + unsigned long level = get_level(cpufreq_dev, freq); + mutex_unlock(&cooling_list_lock); - return get_level(cpufreq_dev, freq); + return level; } } mutex_unlock(&cooling_list_lock); -- 2.12.0.432.g71c3a4f4ba37